US intelligence services implanted bugging tools into cryptographic facsimile devices to intercept secret communications sent or received by the European Union's Washington, DC outpost, according to the latest leak from former National Security Agency staffer Edward Snowden. Technical details are scarce, but security experts reading between the lines say the program probably relies on an old-school style of espionage that parses electric currents, acoustic vibrations, and other subtle types of energy to reveal the contents of encrypted communications.

The bugging method was codenamed Dropmire, and it appears to rely on a device being "implanted on the Cryptofax at the EU embassy, DC," according to a 2007 document partially published Sunday by The Guardian. An image included in the document, presumably taken from a transmission traveling over a targeted device, showed highly distorted text that can just barely be read by the human eye as the letters "EC" followed by "NCN." The fax device was used to send cables between foreign affairs ministries and European capitals, according to Sunday's report.

The ability to approximate the plaintext message but not capture it as it appeared when fully decrypted likely means Dropmire didn't crack the precise algorithm or key used to encrypt the message. That—along with the detail about something being "implanted" in the fax device—has led to speculation that the program monitored electrical, mechanical, or acoustical energy emanating from the device to deduce clues about the plaintext messages being received. Such techniques fall under the umbrella term Tempest, which was coined more than three decades ago as an NSA tactic for reading sensitive communications relating to national security. More recently, Tempest has come to mean any investigation or analysis that uses so-called "compromising emanations" to reveal the contents of sensitive communications or lead to the decryption of encrypted data.

"Having done many experiments to eavesdrop on office equipment myself, the noisy image at the bottom third of the picture above looked instantly familiar," Markus Kuhn, a computer scientist and senior lecturer at Cambridge University, wrote in a blog post published Monday. "It is what you might get from listening with a radio receiver on the compromising emanations of a video signal of a page of text."

Three security experts Ars spoke with agreed with Kuhn's analysis. They said it makes a strong case that the attacks targeting the EU encrypted fax devices were relying on what's known as side-channel attacks, which target weaknesses in a specific cryptographic implementation rather than the underlying cipher or mathematics it's built on.

"It's breaking things that really have nothing to do with the cryptography itself," Justin Troutman, a cryptographer and independent security and privacy researcher, told Ars. He went on to say that the effort required on the part of US intelligence agents was likely justified when considering the intelligence value of the encrypted data. "I think the side-channel attacks are plausible, and I think the target warrants it. So even though it's speculation at this point, it's certainly a valid point within the realm of reason."

Side-channel attacks analyze subtle fluctuations in power drawn by a cryptographic device or slight differences in the amount of time it takes the device to complete certain tasks. The side data is then used to ferret out clues about the underlying plaintext or the key or algorithm that was used to encrypt it. In some cases, side-channel attacks can be used to recover the entire cleartext once enough clues are gathered. Other times, the technique reveals only partial contents of the message.

"One way I've seen other side-channel attacks work is once you convert a signal into a binary, you can hope that it's as easy as reading the data," Troutman explained. "There's going to be noise, so it may take other algorithms to parse through that noise and filter it out. But if you can get bits and pieces, a few letters here, a few letters there, over time you may be able to build a picture of what the conversation is about, or enough to at least identify what this communication channel is used for, or possibly even identify names attached to other projects."

Cryptographic device makers have known about side-channel attacks for decades and often work hard to prevent their wares from leaking clues that can compromise customers' encrypted messages. Hardened devices often use data "padding" to obscure the size of encrypted messages. Devices may also be programmed to ensure there's more uniformity in the amount of time it takes for different types of data to be encrypted or decrypted. They frequently encase cryptographic devices in protective shields that prevent them from leaking electric or other types of emanations that can be analyzed by an adversary. That being the case, how might US intelligence agents carry out a side-channel attack on an encrypted fax device belonging to the EU?

One possibility is to plant some sort of bug on or near a targeted device that captures compromising emanations and delivers them to intelligence agents for analysis. While the data intercepted by such a Tempest-style bug has clear disadvantages—namely, the crudeness of the data it intercepts—it might also be considerably easier to plant and harder for EU defenders to detect. By contrast, a more advanced bug secretly added to a fax device might be able to deliver a more reliable copy of the protected communication while being relatively easy for someone to spot. In some cases, the bug might not be anything that's added but, rather, something removed to permit leakage that wouldn't otherwise occur. The corruption in the image included with The Guardian article suggests the device was closer to the former.

"That the image is so distorted, and getting edges instead of content, indicates that it's something simple, such as adding a wire or removing wire, as the [Kuhn] article indicates," said Rob Graham, CEO of security consultancy Errata Security. "Adding a circuit board would be detectable, snipping a trace on a circuit board to enhance emanations wouldn't be."

It's also possible that the surveillance was conducted by using a bug to analyze radio frequency emissions only after the sensitive data had been decrypted and was in the process of being printed by the fax device. In 2009, for instance, researchers demonstrated two methods for eavesdropping on passwords and other sensitive data by exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered into a computer.

"The laser printer of a fax machine certainly fits the profile and unless specific countermeasures are in place, it might be vulnerable to such eavesdropping techniques, which would not be mitigated by the encryption layer, as they target the end output of the printer," said Andrea Barisani, chief security engineer for Inverse Path and one of the researchers behind the 2009 demonstration. "Our company is often given the task to assess the interaction between physical electronics and software security of embedded devices such as printers and fax machines. In the vast majority of cases, all of the tested targets are vulnerable to software attacks, hardware attacks, or a combination of the two."

The lack of specific details in The Guardian article makes it impossible to know just how accurate speculation is that US intelligence services are launching Tempest-style attacks on its European allies. But based on the information available, it's not possible to rule out these James Bond-type of surveillance techniques either.

Whether the reports are completely accurate is not the real problem. The problem is that any NSA spying report or rumor has some credibility given what is already known. The NSA has been spying on US citizens without cause for years so any story about spying on (fill the blank) is easy to believe.

Also, the NSA blunders provide a perfect cover for Chinese and Russian espionage activities by giving them plausible deniability.

I guess its fair to say though if the US are spying on 'friendly' missions they are going nuts with the 'unfriendly' embassies.

To be fair, it'd be naive to think that they aren't doing the same to us. It's not that I condone what the NSA is doing, it's just not at all out of the norm for countries - even allies - to do this to eachother even if on the surface they claim they would never do anything like that.

I had no idea you could even determine the actual encrypted content based on the electrical emissions of the appliance or device. That's incredibly fascinating.

I believe Ars had another article where they showed how a phone placed next to a keyboard, could use the phones internal accelerometers to detect the cadence of typing. Essentially turning it into a keystroke logger. Crazy cool stuff.

I guess its fair to say though if the US are spying on 'friendly' missions they are going nuts with the 'unfriendly' embassies.

Just like they are doing to us. That's the nature of international relations. Unless your nation state is flagrantly breaking an important treaty or committing atrocities, it's the wild west and pretty much anything goes. While it's interesting as a tech geek to get some details on this stuff, I don't see how it is remotely relevant to the domestic spying, which is the real issue. Snowden should stop while he's ahead, exposing legitimate foreign intelligence operations (the embassy is EU soil) does not help his "I'm a friendly whistleblower looking for justice" case. The EU already knows we are spying on them, and they are spying on us, it's how the game is played.

Seems like it would have been simpler to just bribe or blackmail someone. Or wait for it to appear on wikileaks.

I guess its fair to say though if the US are spying on 'friendly' missions they are going nuts with the 'unfriendly' embassies.

Well, it's not unusual for countries to be spying on their "friends" as well as problem nations. Alliances are strategic partnerships and nothing more. The US and all other nations form alliances based on how it can benefit them not based on friendship and goodwill.

Also, the NSA blunders provide a perfect cover for Chinese and Russian espionage activities by giving them plausible deniability.

Yeah well, on the upside the former Danish foreign minister, Per Stig Møller, said that while he was there (in the EU mission in Washington), the EU always operated under the impression that they were being spied on. He just expressed surprise that it was the Americans and not the usual suspects.

I assume if NSA had to actually alter the fax machine to get that image, then at least the Russians and Chinese wouldn't have psyscical access to their offices in Washington.

I guess its fair to say though if the US are spying on 'friendly' missions they are going nuts with the 'unfriendly' embassies.

To be fair, it'd be naive to think that they aren't doing the same to us. It's not that I condone what the NSA is doing, it's just not at all out of the norm for countries - even allies - to do this to eachother even if on the surface they claim they would never do anything like that.

I think you're naive for believing that "they", obviously the EU can't, but the individual member states does. You're becomming a part of the group think that validates this kinds of actions.

I don't think Germany, for example, has bugged the US embassy in Germany.

I had no idea you could even determine the actual encrypted content based on the electrical emissions of the appliance or device. That's incredibly fascinating.

The electrical emissions are usually of the plain text making any expensive encrypted content only safe from man in the middle efforts.https://en.wikipedia.org/wiki/Tempest_(codename)First seen by the CIA in 1951. The UK saw the real world results in 1952 due to a processing error cypher machine in the Washington Embassy.From then on it was a race to sell any country Soviet safe encryption that would leak plain text at a physical close level eg the room to ~hundred yards.

I guess its fair to say though if the US are spying on 'friendly' missions they are going nuts with the 'unfriendly' embassies.

To be fair, it'd be naive to think that they aren't doing the same to us. It's not that I condone what the NSA is doing, it's just not at all out of the norm for countries - even allies - to do this to eachother even if on the surface they claim they would never do anything like that.

I think you're naive for believing that "they", obviously the EU can't, but the individual member states does. You're becomming a part of the group think that validates this kinds of actions.

I don't think Germany, for example, has bugged the US embassy in Germany.

You don't? I certainly think they have. If not the embassy than the communication lines themselves that leave the embassy. Just because I think it's wrong doesn't mean it isn't the norm and it's beyond naive - it's downright foolish - to think otherwise.

You need only look at the UK intercepting e-mails with keyloggers and fake cafe hot-spots for the last G20 conference to see that other nations do it. You really think that the other major European economic and military powers like France, Germany and The Netherlands don't utilize espionage on "allied" nations?

I'm pretty sure every government in the world is doing bug sweeps in every critical building they have right now...

Like they do all the time already. This is business as usual.

Quote:

I don't think Germany, for example, has bugged the US embassy in Germany.

Then you are naive. Information is power, and while we aren't going to be shooting at Germany any time soon, knowing what the other side is thinking still provides a valuable advantage in negotiations.

I'm pretty sure every government in the world is doing bug sweeps in every critical building they have right now...

Like they do all the time already. This is business as usual.

Quote:

I don't think Germany, for example, has bugged the US embassy in Germany.

Then you are naive. Information is power, and while we aren't going to be shooting at Germany any time soon, knowing what the other side is thinking still provides a valuable advantage in negotiations.

This is basically just you saying it because otherwise you would loose way too much of your moral standing. The thing is, you have no idea. Maybe they do, maybe they don't, but spying on allies is not such a standard practice or it would not generate such diplomatic backlashes.

I don't think Germany, for example, has bugged the US embassy in Germany.

You don't? I certainly think they have. If not the embassy than the communication lines themselves that leave the embassy. Just because I think it's wrong doesn't mean it isn't the norm and it's beyond naive - it's downright foolish - to think otherwise.

You need only look at the UK intercepting e-mails with keyloggers and fake cafe hot-spots for the last G20 conference to see that other nations do it. You really think that the other major European economic and military powers like France, Germany and The Netherlands don't utilize espionage on "allied" nations?

No, I don't think that Germany has bugged the US embassy in Berlin.

I think that was a rather specific statement, that can't really be watered down with the UK spying on the G20 which includes, you know, non-allies of the UK. (edit: And I may add, their spying was rather non-specific rather than bugging their missions AFAIK)

I really think you, not just you, it's apparently the general discourse where ever you look, believe that USA is validated in its actions because USAs allies are spying on them.

You're going to be caught offguard when USAs allies reactions are different from the "hehe, oh you got caught, LOL", but instead genuine surprise and disgust.

I would imagine that good old fashioned hand delivery of dispatches via personal courier will be making a rapid return to favour, as will onetime pad cryptography. I can understand realpolitik meaning that nations keep a friendly eye on one another, even close allies, but this level of wholesale espionage really does harken back to the height of the cold war. Shocking stuff.

Van Eck phreaking is a real thing that's actually been used, not just one of Stephenson's made up but plausible technologies. Wim van Eck, a computer researcher, published the first paper and proof of concept in 1985.

I don't think Germany, for example, has bugged the US embassy in Germany.

You don't? I certainly think they have. If not the embassy than the communication lines themselves that leave the embassy. Just because I think it's wrong doesn't mean it isn't the norm and it's beyond naive - it's downright foolish - to think otherwise.

You need only look at the UK intercepting e-mails with keyloggers and fake cafe hot-spots for the last G20 conference to see that other nations do it. You really think that the other major European economic and military powers like France, Germany and The Netherlands don't utilize espionage on "allied" nations?

No, I don't think that Germany has bugged the US embassy in Berlin.

I think that was a rather specific statement, that can't really be watered down with the UK spying on the G20 which includes, you know, non-allies of the UK. (edit: And I may add, their spying was rather non-specific rather than bugging their missions AFAIK)

I really think you, not just you, it's apparently the general discourse where ever you look, believe that USA is validated in its actions because USAs allies are spying on them.

You're going to be caught offguard when USAs allies reactions are different from the "hehe, oh you got caught, LOL", but instead genuine surprise and disgust.

You keep using that term "validated" as if I'm somehow supporting or happy what the NSA is doing. You're completely delusional if you truly believe we're the only country however that partakes in such heinous bugging. History is littered with such examples during the Cold War and with the current leaks you can see it in other nations as well (though so far it's the U.S. and UK leaks). How many more confirmed cases do you need to see before you realize you're just wrong?

Is it me or does it seem like we have almost no Spooks anymore (think 007). Everything the government does now is based on electricity & tech. Probably why we have know idea what's going on in the middle east unless we see it on a drone video.......

Being James Bond now requires a degree from MIT & a pocket protector.....

I think that was a rather specific statement, that can't really be watered down with the UK spying on the G20 which includes, you know, non-allies of the UK. (edit: And I may add, their spying was rather non-specific rather than bugging their missions AFAIK)

I really think you, not just you, it's apparently the general discourse where ever you look, believe that USA is validated in its actions because USAs allies are spying on them.

You're going to be caught offguard when USAs allies reactions are different from the "hehe, oh you got caught, LOL", but instead genuine surprise and disgust.

You're incredibly naive if you think that US allies are genuinely surprised and disgusted by any of this. A lot of press the world over is of the opinion that the official sentiments in the statements of foreign governments are anything but feigned to get leverage and concessions from the US the next time a big inter state negotiation rolls around.

You're going to be caught offguard when USAs allies reactions are different from the "hehe, oh you got caught, LOL", but instead genuine surprise and disgust.

I fully expect them to react with surprise and disgust. However, it won't be genuine. Internationally, everyone with the ability is spying on everyone else. That's just how the world is. The US getting caught, though, gives everyone else a political advantage, and I would be surprised if they didn't feign shock and outrage in order to exploit that advantage.

You keep using that term "validated" as if I'm somehow supporting or happy what the NSA is doing. You're completely delusional if you truly believe we're the only country however that partakes in such heinous bugging. History is littered with such examples during the Cold War and with the current leaks you can see it in other nations as well (though so far it's the U.S. and UK leaks). How many more confirmed cases do you need to see before you realize you're just wrong?

No that's not how I understand the meaning of the term validated. The context I'm using it in is what I percieve as a "well, what we're doing isn't really something we're proud of, but they're doing the same to us".

As to your question, I'd be happy with a similar example of USA's allies in the EU doing the same to the USA in a similar scope and/or manner.

Look this:http://www.reuters.com/article/2013/05/ ... DT20130515That was one month and a half ago. US spy caught in Russia, expelled to the US. Russia laugh and pretend nothing happened.Today, Snowden "spy" "caught", US threatens Russia.I totally buy the point that spying is fair game in international relations. Threatening Russia, China or Ecuador to get the spy back to the US and hung is not fair game though.http://www.foxnews.com/politics/2013/06 ... or-asylum/http://www.ecuadornumismatics.com/numis ... ition.htmlYour spy got caught. Don't make a fuss about it, don't ask for the spy to be hung. Just make excuses, promise not to do it again and move on. The US government is shooting itself in the foot with the fuss they are making about Snowden. The more they talk about him the more they expose themselves as idiots and bullies. I mean there have been many spying scandals in the past and the media have a very short attention span. It could be forgotten by now if they did not make such a fuss about Snowden.

My post from the Der Spiegel article sums up my feelings on this matter, and on all those excusing such activities by basically saying, "Of course everyone else does it--don't be naïve--so it's okay for us to do it." So I'm repeating it with little change here, since we're having largely the same discussion over again.

Yes, there are other nations who spy on "allies"--perhaps even so covertly, extensively, elaborately, and shamelessly as we seem to be doing it. The problem--and the source of so very many corollary problems--is that whether it's standard practice or not it's still morally and ethically bankrupt to undertake such actions covertly, and to fight against disclosure compounds the error. If everyone (or at least just "we") said upfront and openly "Yes, every nation that can do so bugs every other nation and group they can, enemy or ally, at any and every level they can. Those are just the rules of the game."--then fine, those would then be the rules of the game, and we'd then be playing it fairly. Instead nations claim one set of rules in public and hypocritically play by a different set in private. Hypocrisy is never a virtue, while openness always is. Our hypocrisy is a moral, ethical, even international-legal weakness which other nations can, and do, use against us.

Any relations between people--or between governments, or between governments and people--are basically comprehensible as the formation or continuance of a contract. Any reasonable, just, acceptable, enforceable contract can only result from a meeting of the minds or at least an "agreement to the same thing" where both parties share an informed understanding of the most basic facts surrounding, and most basic implications of, such a contract. Fraud, undue influence, duress, and misrepresentation, are all grounds on which contracts are invalid--three of which can reasonably said to result almost facially from intrusive covert surveillance and nondisclosure. I think the level of intrusion and nondisclosure our government routinely engages in makes informed consent to contract with it impossible. Our government is losing legitimacy both domestically and abroad because of this, even if most people don't have fancy philosophical, moral, or legal language to explain why they feel our government has been "lessened."

Before anyone disagrees, dissociate the actions being described from the fact that a government--much less ours--is engaging in them. What if a corporation had been described as doing this to a trade group composed of competing corporations--and to that competing group's employees at home, and to its own employees at home?* How would we treat that? Wouldn't we see any relations between these parties in a different light after we knew about such unfair dealings, and consider that the party engaging in intrusive covert surveillance and nondisclosure is a bad actor who's taken advantage of the other parties in any of their interactions?

It frankly doesn't matter what other parties do or expect. We can only choose for ourselves whether to do what's right, moral, ethical, just--or what stands opposite all that--and whether to demand the same fidelity from others we choose to deal with. We choose whether to be a shining city on a hill, better than and an inspirational example for those who fall short--or to be as corrupt and unjust as the rest of the crowd, "because everybody else does it." We get the world we create--and thus the world we deserve.

And if we indeed want a world where everyone spies on everyone else--even their friends and allies--then fine. But we need to be honest about it and not hypocrites (and therefore fraudsters as well).

I think we'd have a much better world if everyone--but in particular anyone seeking a life in politics--were still taught philosophy as rigorously as a liberal education used to teach it. Doing things consequentially because they give us a short-term situational advantage, or "because everyone else does it," is just not good enough anymore. We should be better than that, and we'll need to be to survive long-term in this globalized world. Making the world more just may be harder, but it's better for us all long-term than racing to the bottom as fast as possible to dirty ourselves up as much as everyone else...

*: Note that I'm not even against the NSA surveillance and data retention regarding phone records, e-mail headers, and web traffic, in and of itself--if that's what a clear majority of the people want, I don't think it's unreasonable or fully intrusive, and that we should do it. I'm against doing it in secret without the public's consent and oversight--unacceptable.

I guess its fair to say though if the US are spying on 'friendly' missions they are going nuts with the 'unfriendly' embassies.

To be fair, it'd be naive to think that they aren't doing the same to us. It's not that I condone what the NSA is doing, it's just not at all out of the norm for countries - even allies - to do this to eachother even if on the surface they claim they would never do anything like that.

To be even more fair,if we do it and enemies do it and allies do it and everyone knows the other is doing it, then it ISN'T TOP FUCKING SECRET.

It is "common knowledge". And, there is no crime in distributing common knowledge. So, why the fuss about Wikileaks, Snowden, and all the other whistler blowers attacked by the US?

Is it me or does it seem like we have almost no Spooks anymore (think 007). Everything the government does now is based on electricity & tech. Probably why we have know idea what's going on in the middle east unless we see it on a drone video.......

That's the way the Cold War always seemed to me through TV documentaries and cinema, the US and Allies relying on spy satellites and undersea cable taps, the Soviets coming up with new means of seducing Westerners to turn on their Governments.